BreachFlow

See how major breaches actually unfold — step by step, as interactive attack-path replays.

Featured Replay
CPUID
The Trojanized Downloads
Unknown threat actors compromised CPUID's website for less than 24 hours, replacing legitimate CPU-Z and HWMonitor download links with malicious ones. This led to the distribution of trojanized software leveraging DLL side-loading to deploy the STX RAT, an infostealer with HVNC capabilities.
score 10

Trending this week

Based on views + shares + card downloads

Trending entry paths (7 days)

Most common Initial Access patterns
Technique: Valid Accounts (T1078), 3 incidents
Technique: Compromise Infrastructure (T1584), 1 incident
Technique: Compromise Software Supply Chain (T1195.002), 1 incident

All replays

Kraken | NEW | 2026 | Valid Accounts
Insider's Digital Betrayal
A cybercrime group attempted to extort Kraken after recruiting at least two internal support employees to improperly access limited client support data from approximately 2,000 accounts. The threat actors threatened to release videos of internal systems showing client data.
McGraw-Hill | NEW | 2026 | Exploit Public-Facing Application
Salesforce Shadow Breach
Education company McGraw-Hill confirmed a data breach after hackers exploited a Salesforce misconfiguration on a hosted webpage, leading to unauthorized access to internal data. The ShinyHunters extortion group claimed responsibility, threatening to leak 45 million Salesforce records containing PII, a claim McGraw-Hill disputes regarding sensitivity and volume.
Basic-Fit | NEW | 2026 | Valid Accounts
The Fitness Data Heist
Hackers breached Basic-Fit's systems, gaining unauthorized access and exfiltrating personal data for approximately 1 million members across Europe. The compromised data included full names, addresses, email addresses, phone numbers, dates of birth, bank account details, and other membership information.
Booking.com | NEW | 2026 | Valid Accounts
Booking's Reservation Exposure
Booking.com confirmed that unauthorized third parties accessed user booking information, including full names, email addresses, postal addresses, phone numbers, and communications. The company responded by forcing PIN resets for affected reservations and notifying users.
Rockstar Games | NEW | 2026 | Compromise Software Supply Chain
Analytics Data Heist
The ShinyHunters extortion gang leaked over 78.6 million Rockstar Games analytics records, including in-game revenue, player behavior, and customer support data. The data was stolen from Snowflake environments using authentication tokens compromised during a security incident at Anodot, a third-party SaaS integrator.
CPUID | NEW | 2026 | Compromise Infrastructure
The Trojanized Downloads
Unknown threat actors compromised CPUID's website for less than 24 hours, replacing legitimate CPU-Z and HWMonitor download links with malicious ones. This led to the distribution of trojanized software leveraging DLL side-loading to deploy the STX RAT, an infostealer with HVNC capabilities.
Hims & Hers Health | 2026 | Compromise of Third-Party Software, Data, or Services
The Telehealth Trust Breach
Telehealth company Hims & Hers Health suffered a data breach via its third-party customer support platform, exposing sensitive personal health information (PHI) including names, email addresses, and medical details from customer support tickets. The ShinyHunters group claimed responsibility for the attack, though these claims were unverified.
Microsoft | 2026 | Search Engine Optimization Poisoning
Payroll Pirate Plunder
Financially motivated threat actor Storm-2755 targeted Canadian employees of Microsoft using malicious Microsoft 365 sign-in pages to steal authentication tokens and session cookies. This enabled them to bypass MFA and hijack salary payments by manipulating direct deposit information in HR platforms like Workday.